Click here to Skip to main content
15,880,392 members
Search within:


how to keep users logged in
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
C#
ASP.NET
Hi everybody,
My project consist of creating a web-based search application that allows users to search for employees using a Sql database table named "Employee". I have created a page where the user enters search criteria, hit search button a grid view will display results, next to each row found there is a link that lead the user to another page containing detailed information about that Employee, this page is a DetailsView. the 3rd page consist of creating a new employee not found in database. so it also consist of DetailsView. I also have a login Page.
here is the catch: I want to allow everybody to access the search result page (Gridview) but only Admins (who exist in a sql DB table named Roles) have the right to modify data on the DetailsView Detailes info Page, I ve done this using the
C#
DetailsView1.AutoGenerateEditButton = true;
                    DetailsView1.AutoGenerateDeleteButton = true;

but I want restrict regular users from accessing AddNewEmployee Page and Searchresult page with gridview on Edit mode, my login page looks like that:

C#
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Web.Security;
using System.Text;
using System.Security.Cryptography;
using System.IO;


namespace Phonebook
{
    public partial class LoginUser : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            
        }
       

        public string encryptQueryString(string strQueryString)
        {
            
            return BLL.Encryption64.Encrypt(strQueryString, "!#$a54?3");
        }


        protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
        {

            string username = Login1.UserName;
            string pwd = Login1.Password;
            SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString);
            conn.Open();
            string sqlUserName = "SELECT UserId, Password FROM Roles ";
            sqlUserName += " WHERE (UserId ='" + username + "')";
            sqlUserName += " AND (Password ='" + pwd + "')";
            sqlUserName += " AND (Admin = 'Y')";
            SqlCommand cmd = new SqlCommand(sqlUserName, conn);
            cmd.Parameters.AddWithValue("@UserId", username);
            cmd.Parameters.AddWithValue("@Password", pwd);

            string currentName;
            currentName = (string)cmd.ExecuteScalar();
            if (currentName != null)
            {
                //AddEmployee AdEmp = new AddEmployee();
                Session["UserAuthentication"] = username;
                Session.Timeout = 1;
                Response.Redirect("~/AddEmployee.aspx?search=" + encryptQueryString(username) + "");
            }
            else
            {
                Session["UserAuthentication"] = "";
            }
        }



I am using login control but not the ASP.NET configuration tool.
Is there any way I can create a login logic that does this? Thank you
Posted
Updated 14-Sep-12 9:20am
v4
Add a Solution

1 solution

have a look,



http://stackoverflow.com/questions/5956224/keep-me-logged-in-for-windows-forms-login[^]
 
Share this answer
 
Posted
Comments
Predator008 14-Sep-12 15:34pm    
I m not using Forms at all I wanna go for Session or queryString to do this. Is it appropriate? or am I going to have a hard time going this way?
I m using a Master Page, I m thinking of using QueryString and check it in this master page and see whether the user is logged in or not? the querystring will be encrypted and contain the username, something like this
[no name] 14-Sep-12 15:57pm    
ok, You can set Some global Variable Value, If User Is Admin And Then Than Check by if Condition

if(global variable=='yes Admin')
{
//call modified Customer function Here
}
Else
{
//Do some Thing Here
}
Predator008 14-Sep-12 16:02pm    
Could you plz explain that using a concrete example? thanks
[no name] 14-Sep-12 16:28pm    
You Can define Global variable And Set Its Initial Value Say N.
and While authenticate user " string sqlUserName = "SELECT UserId, Password FROM Roles ";
sqlUserName += " WHERE (UserId ='" + username + "')";
sqlUserName += " AND (Password ='" + pwd + "')";
sqlUserName += " AND (Admin = 'Y')";"
U can Also fetch is user Admin? if Yes The Set global Variable to "yes" For Admin
And then u can use this global variable in if condition ...it is quit simple...
Please Let me know ur feedback..
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
how to keep user logged ?
Which database structure for keeping users advance
How do i...get logged user email with identity server 4
Running an application before user logs on
user log in
Keep taking numbers as inputs till the user enters ‘x’, after that print sum of all.
Remember/Keep me logged in
linkdin Connection of the logged user
User Audit or Log...
Is it possible that after closing application, the user is kept logged in and directed directly to the mainwindow?

Advertise
Privacy
Cookies
Terms of Use
Last Updated 14 Sep 2012
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900